import re
import sqlite3


def Linux_IDS():
    file_name = "Linux_log/secure"

    list_IP = []
    list_time = []
    with open('Linux_log/'+file_name, 'r') as file:
        Linux_data = file.readlines()
    black_list = "Failed password for root from"

    for data in Linux_data:
        time_month =  data.split(" ")[0]
        time_day = data.split(" ")[2]
        time_time = data.split(" ")[3]
        time = time_month +"/" + time_day + "/" +  time_time
        if black_list in data:
            attack_IP = data.split(" ")[11]
            list_IP.append(attack_IP)
            list_time.append(time)
    a = {}
    for i in list_IP:
        a[i] =  list_IP.count(i)
    print(a)
    difAll = set(list_IP)
    for k in difAll:
        print(k) #IP
        if a[k]>5:
            print(a[k]) #次数
            flag = 0
            for i in range(len(list_IP)):
                if list_IP[i] == k and flag == 0:
                    print(list_time[i])  #时间
                    flag = 1

Linux_IDS()

